what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

CVE-2018-8897

Status Candidate

Overview

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Related Files

Microsoft Windows POP/MOV SS Local Privilege Elevation
Posted Jul 13, 2018
Authored by Nick Peterson, can1357, bwatters-r7, Nemanja Mulasmajic | Site metasploit.com

This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.

tags | exploit, remote, kernel, code execution
advisories | CVE-2018-8897
SHA-256 | 8c042c8825650019d1e31b5398ad5381eeb236d87035fde08adff61e565143d1
Debian Security Advisory 4201-1
Posted May 16, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4201-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, CVE-2018-8897
SHA-256 | 5f94aebb03d033ff9bb6ee8f33889d513f0b3522c4d68c721d0f40f7968f1c51
Red Hat Security Advisory 2018-1523-01
Posted May 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1523-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-1087, CVE-2018-1088, CVE-2018-1111, CVE-2018-8897
SHA-256 | 86682245728d0509a02389329bcf0edddbdae534665e7f8d77e1c15e22b7d90b
Kernel Live Patch Security Notice LSN-0038-1
Posted May 9, 2018
Authored by Benjamin M. Romer

On May 8, fixes for CVE-2018-1087 and CVE-2018-8897 were released in linux kernel version 4.4.0-124.148. These CVEs are both related to the way that the linux kernel handles certain interrupt and exception instructions. If an interrupt or exception instruction (INT3, SYSCALL, etc.) is immediately preceded by a MOV SS or POP SS instruction, the resulting interrupt will be incorrectly handled, possibly crashing the operating system. The issue can be triggered by an unprivileged user. The fix for this problem requires modification of the interrupt descriptor tables (IDT), and modification of the interrupt handlers. Livepatch is unable to safely modify these areas, so upgrading to a corrected kernel and rebooting is required to fix the problem.

tags | advisory, kernel
systems | linux
advisories | CVE-2018-1087, CVE-2018-8897
SHA-256 | 0ed9608f57e15a5b058be5eb06c92f72ea884cf0e997d30b7285a27811e380ab
Debian Security Advisory 4196-1
Posted May 9, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4196-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2018-1087, CVE-2018-8897
SHA-256 | 93cc48d260bc7594d1b33464cbeae85c8108f7abd086bf698c5a407b0654ccb2
Red Hat Security Advisory 2018-1353-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1353-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
SHA-256 | afe3d9671e2e8ff15d7958818998be7354270f360f6adf3a3b66d1e43ab9e9e8
Ubuntu Security Notice USN-3641-2
Posted May 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3641-2 - USN-3641-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 17.10. This update provides the corresponding updates for Ubuntu 12.04 ESM. Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service. This issue only affected the amd64 architecture. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
SHA-256 | 8b62cd3908a2ea60933e4f5060c4a7cffa0119feb5c2296cf0f5d7231274b888
Red Hat Security Advisory 2018-1352-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1352-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
SHA-256 | 71efafc90a9a9e62010e3ca1590cf2ec3f8b1f5fa0c3faba42e3d7fcf8740a64
Ubuntu Security Notice USN-3641-1
Posted May 8, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3641-1 - Nick Peterson discovered that the Linux kernel did not properly handle debug exceptions following a MOV/POP to SS instruction. A local attacker could use this to cause a denial of service. This issue only affected the amd64 architecture. Andy Lutomirski discovered that the KVM subsystem of the Linux kernel did not properly emulate the ICEBP instruction following a MOV/POP to SS instruction. A local attacker in a KVM virtual machine could use this to cause a denial of service or possibly escalate privileges inside of the virtual machine. This issue only affected the i386 and amd64 architectures. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
SHA-256 | 54c635a827000ad1e9720e3b153dc5b8af85ba11bc41d5f1f952f2e981d32393
Red Hat Security Advisory 2018-1354-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1354-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-8897
SHA-256 | 07cf2a8a33944e25e41319038ec30d5b0e2287a5b973c6e77a3571ff6f0c29ac
Red Hat Security Advisory 2018-1355-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1355-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-16939, CVE-2018-1000199, CVE-2018-1068, CVE-2018-1087, CVE-2018-8897
SHA-256 | 4447e6e273f5b0f0d5eb8a44bada9595ed1bf052db276cd1a4d04938e84a19fc
Red Hat Security Advisory 2018-1348-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1348-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
SHA-256 | 77e14f8e97722364a934d0e7a3d7fefdf5f0cbf6c8b69da99369eb567ee670ad
Red Hat Security Advisory 2018-1351-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1351-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
SHA-256 | b8d926c0cdf976fe63b0db1ccd7e76b873c8daef9ed021d651e7a90e77a91281
Red Hat Security Advisory 2018-1350-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1350-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
SHA-256 | 3d9889f41214444f35df9eb28bc8aaa89b7002912f60e8878b210f66b0324d18
Red Hat Security Advisory 2018-1349-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
SHA-256 | f497513e893b70e29f4311747b0ce6b42a9a870676f0b26bcc3a0ed7fa883c4f
Red Hat Security Advisory 2018-1347-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1347-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
SHA-256 | 64f3efd7e77588737cd63b6560896e2387734dbeceeab16e9ea654dd6a99b86e
Red Hat Security Advisory 2018-1346-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1346-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-8897
SHA-256 | 29fe02852f0733950360d16019705e279d6c1ed0a66e9f5263075d5ff7a14cf1
Red Hat Security Advisory 2018-1345-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1345-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2018-1000199, CVE-2018-1087, CVE-2018-8897
SHA-256 | ec6a1a88ee637d3c9343ff659da54d46ac857b9268235cba505aa87bfc6a8343
FreeBSD Security Advisory - FreeBSD-SA-18:06.debugreg
Posted May 8, 2018
Authored by Nick Peterson | Site security.freebsd.org

FreeBSD Security Advisory - The MOV SS and POP SS instructions inhibit debug exceptions until the instruction boundary following the next instruction. If that instruction is a system call or similar instruction that transfers control to the operating system, the debug exception will be handled in the kernel context instead of the user context. An authenticated local attacker may be able to read sensitive data in kernel memory, control low-level operating system functions, or may panic the system.

tags | advisory, kernel, local
systems | freebsd, bsd
advisories | CVE-2018-8897
SHA-256 | 436c2453ffbf42d86b402970ed7a42fbf8c2b6d77a9f356bfdc4d651e22df44f
Red Hat Security Advisory 2018-1319-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1319-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-1000410, CVE-2017-13166, CVE-2017-18017, CVE-2017-7645, CVE-2017-8824, CVE-2018-8897
SHA-256 | d3fe9410234a0ad13180edc1acd09d1f107cb6f71fe5498329640037d6599e2e
Red Hat Security Advisory 2018-1318-01
Posted May 8, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1318-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2017-16939, CVE-2018-1000199, CVE-2018-1068, CVE-2018-1087, CVE-2018-1091, CVE-2018-8897
SHA-256 | cbd3c6c3e9147b3d4a53a27345de22613a5693b4808c489836579c84720b9def
Apple Security Advisory 2018-05-08-1
Posted May 8, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-05-08-1 - This advisory provides additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001.

tags | advisory
systems | apple
advisories | CVE-2018-4187, CVE-2018-4206, CVE-2018-8897
SHA-256 | 8ea9153eebb7083c9b2f791b5fa10ed9e8a1ecdc60d8f44827888484c0fa29bb
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close